Trend Micro Predictive Machine Learning uses advanced machine learning technology to correlate threat information and perform in-depth file analysis to detect emerging unknown security risks through digital DNA fingerprinting, API mapping, and other file features. Predictive Machine Learning also performs a behavioral analysis on unknown or low-prevalence processes to determine if an emerging or unknown threat is attempting to infect your network.
Predictive Machine Learning is a powerful tool that helps protect your environment from unidentified threats and zero-day attacks.
Monitoring level is the degree of vigilance and strictness applied when detecting and responding to potential threats. Raising the level increases the sensitivity of the sensor, which increases the number of detections and alerts. Higher levels allow for stricter monitoring to help with situations like ongoing threat investigations, but might generate a large number of nonessential logs and impact endpoint performance. Trend Micro recommends setting your monitoring level to 2 - Moderate to balance more relevant data with minimal impact on your endpoints. Some components used by higher monitoring levels are not available on all platforms.
| Detection Type | Description |
| --- | --- |
| File | After detecting an unknown or low-prevalence file, the Trend Vision One Endpoint Security agent scans the file using the Advanced Threat Scan Engine (ATSE) to extract file features and sends the report to the Predictive Machine Learning engine, hosted on the Trend Micro Smart Protection Network. Through use of malware modeling, Predictive Machine Learning compares the sample to the malware model, assigns a probability score, and determines the probable malware type that the file contains. If a functional Internet connection is unavailable, Predictive Machine Learning automatically switches to the local model to provide constant unknown threat protection against portable executable file threats. Depending on how you configure Predictive Machine Learning, the Trend Vision One Endpoint Security agent can attempt to Quarantine the affected file to prevent the threat from continuing to spread across your network. |
| Process | After detecting an unknown or low-prevalence process, the Trend Vision One Endpoint Security agent monitors the process using the Contextual Intelligence Engine, and sends the behavioral report to the Predictive Machine Learning engine. Through use of behavioral malware modeling, Predictive Machine Learning compares the process behavior to the model, assigns a probability score, and determines the probable malware type the process is executing. Process detection also monitors script execution. If the Contextual Intelligence Engine detects the execution of a suspicious script, Predictive Machine Learning takes the configured action. Predictive Machine Learning performs script blocking on the following types of scripts: Depending on how you configure Predictive Machine Learning, the Trend Vision One Endpoint Security agent can Terminate the affected process or script and attempt to clean the file that executed the process or script. |